A number of security issues arise when computers or other resources are accessible by humans. Most computers and computer networks incorporate computer security techniques, such as access control mechanisms, to prevent unauthorized users from accessing remote resources. Human authentication is the process of verifying the identity of a user in a computer system, often as a prerequisite to allowing access to resources in the system. A number of authentication protocols have been proposed or suggested to prevent the unauthorized access of remote resources. In one variation, each user has a password that is presumably known only to the authorized user and to the authenticating host. Before accessing the remote resource, the user must provide the appropriate password, to prove his or her authority.
Generally, a good password is easy for the user to remember, yet not easily guessed by an attacker. In order to improve the security of passwords, the number of login attempts is often limited (to prevent an attacker from guessing a password) and users are often required to change their password periodically. Some systems use simple methods such as minimum password length, prohibition of dictionary words and information extraction techniques to evaluate a user selected password at the time the password is selected, to ensure that the password is not particularly susceptible to being guessed. As a result, users are often prevented from using passwords that are easily recalled. In addition, many systems generate random passwords that users are required to use.
Thus, some users employ mnemonic aids and other learning tools in order to memorize passwords by establishing associations with the new password. For example, a user may employ a story, music or poetry associations to remember a password. Even after a user memorizes a password, however, such memory will degrade over time. Thus to avoid the problems associated with forgetting a password, many users will write their password down or store the password in a computer file, which potentially compromises system security. A need therefore exists for a method and apparatus that generates passwords that are easy for the user to remember, yet not easily guessed by an attacker. A further need therefore exists for a method and apparatus that sends periodic password reminders to a user to reinforce the password.